Data Protection
Getting Started: Create your pass phrase



Note: Choosing your pass phrase is the most important step of the setup process. Please do not rush through this section!

Your pass phrase will be used as an encryption key to protect the contents of your data. The security of the encryption used to protect your data depends upon a strong pass phrase. You must remember your pass phrase in order to access the contents of your data.


Tip: Your pass phrase is different from your account password. Your account password protects access to your online account and billing information, and it also protects the manual destroy data operation in the file manager. Your pass phrase is used as an encryption key.

Although a customer service representative can reset your account password if you forget it, they will not be able to 'reset' the pass phrase used to encrypt the data on our servers. You must know the exact pass phrase that was used to encrypt your data in order to decrypt your data.

Because you must not forget your pass phrase, we offer the ability to save your pass phrase in a dually encrypted fashion on our server. No one will be able to read the saved pass phrase without knowing the exact answers to several security questions, which you will choose and answer when saving your pass phrase to our server. For additional information on the security of your saved pass phrase, click here.

WARNING: If you choose not to save your pass phrase to the backup server and you forget your pass phrase, you will be unable to access your data. It is not possible for us to recover your encryption key if you do not save your pass phrase on our server.

WARNING: If you do save your pass phrase to the backup server, but you forget the answers to your security questions then we cannot recover your pass phrase, and you will not be able to access your data if you forget your pass phrase.

Please follow these steps to create your pass phrase:

1. If you are not on the My Account panel, click the My Account button on the left:

2. Click the Create Pass Phrase button (if you've already created your pass phrase, click the Change Pass Phrase button):

3. You will be prompted to enter a new pass phrase:


Enter your pass phrase and then your pass phrase again (to verify that you typed your pass phrase correctly).

Choosing a strong pass phrase is very important. If someone can guess your pass phrase then they will be able to read the data associated with your account (if they know or guess your account password).

A strong pass phrase can be generated by using a string of unrelated words, modifying them in predictable ways, and inserting random numbers and punctuation. The longer and more random your pass phrase is the more secure it is. Using a string of unmodified words found in a dictionary is not secure. You should change characters, insert numbers and punctuation, and use unpredictable capitalization. You should also insert words that consist of random characters (such as a secure password).

The pass phrase strength meter at the bottom will help you gauge the strength of your pass phrase.


It is essential to the security of your data that you choose a strong pass phrase. A secure pass phrase will prevent [future] computers from cracking your pass phrase by trying every possible combination.

At the rate technology is currently progressing, a pass phrase with an estimated strength of at least 96 bits should be unbreakable until at least 2015. A pass phrase estimated at 128 bits or more should be unbreakable for an additional 20 years. (More information: Schneier paper, Wikipedia article, and key length calculator)

Note: The above statements are just estimates and are not providing any guarantees or warranties of security. You are responsible for choosing a strong pass phrase. The strength estimation algorithm is based on Shannon's measure of entropy (more). It measures the degree of predictability of characters within the pass phrase itself.

To help ensure the strength of your pass phrase, your pass phrase must meet the following criteria:

· It must be at least 15 characters long.
· It must contain at least two numbers or punctuation marks.
· It cannot contain your username.
· It cannot contain a sequence of identical or consecutive digits.

Pass phrases that meet these criteria are more likely to be strong passwords, but the responsibility of choosing a strong password lies with you.
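The four criteria above and a character-level Shannon entropy estimate can be checked as follows. This is an added example, not the product's own code: the run length of three digits, the case-insensitive username match, and the function names are assumptions, and the product's exact strength estimator is not documented on this page.

```python
import math
import string
from collections import Counter

MIN_LENGTH = 15       # "at least 15 characters long"
MIN_NON_LETTERS = 2   # "at least two numbers or punctuation marks"
DIGIT_RUN = 3         # assumption: the page does not say how long a run must be

def shannon_bits(phrase):
    """Per-character Shannon entropy of the phrase, times its length, in bits."""
    if not phrase:
        return 0.0
    n = len(phrase)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(phrase).values())
    return per_char * n

def has_digit_run(phrase, run=DIGIT_RUN):
    """True if `run` adjacent digits are identical (777) or consecutive (123, 321)."""
    for i in range(len(phrase) - run + 1):
        window = phrase[i:i + run]
        if not (window.isascii() and window.isdigit()):
            continue
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def check_pass_phrase(phrase, username):
    """Return the list of criteria the phrase fails (empty list = passes)."""
    problems = []
    if len(phrase) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    marks = sum(ch.isdigit() or ch in string.punctuation for ch in phrase)
    if marks < MIN_NON_LETTERS:
        problems.append("fewer than two numbers or punctuation marks")
    # Case-insensitive match is an assumption; the page only says "contain".
    if username and username.lower() in phrase.lower():
        problems.append("contains the username")
    if has_digit_run(phrase):
        problems.append("contains identical or consecutive digits")
    return problems

if __name__ == "__main__":
    # Constructed sample phrases, not taken from the product.
    for p in ("correct horse battery", "m4ple!Zebra_1234_qu1lt", "m4ple!Zebra_7uQ#glacier"):
        print(f"{shannon_bits(p):6.1f} bits  {check_pass_phrase(p, 'alice') or 'ok'}  {p}")
```

A frequency-based score only sees how characters repeat inside the phrase, so it cannot tell that a phrase is built from dictionary words; treat it as an upper bound, not a measure of guessing resistance.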

For more information on creating a strong pass phrase, please see these articles:

· Article on Wikipedia
· The PGP Passphrase FAQ (Note: Our software uses 256-bit AES encryption, SHA-256 hashing, and follows RFC 2898 PBKDF2 in generating an encryption key from a pass phrase.)

Data Protection will remember your pass phrase on your backup computer so that you will not be required to enter it. However, you will need to memorize your pass phrase so you can restore your data when offsite or when your computer fails.

NOTE: Once your pass phrase has been set, you will not be able to change it without first contacting the Data Protection Software Technical Support Group so that they can reset the "pass phrase lock".

4. Memorize your pass phrase. The exact pass phrase is required to recover your data. You may want to share pieces of the pass phrase with trusted associates (for example, tell a third of the pass phrase to six people). You should save the pass phrase to the server and also save it to some sort of removable media (see below).

5. If you want to save your pass phrase on the server in a secure fashion, check the box below the confirm pass phrase edit box that says Securely store the pass phrase on the server in case it is forgotten.

WARNING: If you choose not to save your pass phrase to the backup server and you forget your pass phrase [and do not have a copy of it in a file], then you will be unable to access your data. It is not possible for us to recover your encryption key if you do not save your pass phrase on our server.

You should always save the pass phrase on the server. Doing so does not compromise the security of your pass phrase. Click here for more information.


6. Once you have chosen and entered your pass phrase (twice), press OK.

6a. If you chose to save your pass phrase to the server, the security questions and answers dialog will appear (otherwise skip to 6b). Here you will specify the list of security questions and give answers to these questions. The answers to these questions will be used to protect the pass phrase stored on our server and ensure that only you will be able to recover the pass phrase if it is forgotten.

WARNING: If you cannot remember the exact answers to your security questions then we cannot recover your pass phrase, and you will not be able to access your data if you forget your pass phrase.



Record the name of the person filling out the security questions in the "Your Name:" box. This way the person using the pass phrase recovery will know who it was that answered the questions. You can also select the level of hints that you want to be provided if you have to use the recovery process. More hints will make it easier to guess your exact answers.


During the pass phrase recovery process you will be prompted with the security questions you choose here, and you will have to provide the answers exactly the same as when you type them here (except for capitalization and whitespace). Punctuation is important, so be sure to use a standard format for dates (such as mm/dd/yyyy or Jan 1, 2007).
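The matching rule above (capitalization and whitespace ignored, punctuation significant) combined with the RFC 2898 PBKDF2 and SHA-256 key derivation the page names can be sketched as follows. This is an added example, not the product's own code: how the product actually combines the answers is not documented here, so the separator, salt handling, iteration count and function names are assumptions.

```python
import hashlib
import os

ITERATIONS = 600_000   # assumption: the page does not state an iteration count
KEY_LEN = 32           # 32 bytes = a 256-bit key, as used for 256-bit AES
SEPARATOR = "\x1f"     # assumption: keeps ["ab", "c"] distinct from ["a", "bc"]

def derive_key(secret, salt, iterations=ITERATIONS):
    """RFC 2898 PBKDF2 with HMAC-SHA-256 over a pass phrase or answer string."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                               salt, iterations, KEY_LEN)

def normalize_answer(answer):
    """Drop all whitespace and fold case; punctuation is kept and still matters."""
    return "".join(answer.split()).lower()

def recovery_key(answers, salt, iterations=ITERATIONS):
    """Derive one key from every answer, in question order (assumed construction)."""
    combined = SEPARATOR.join(normalize_answer(a) for a in answers)
    return derive_key(combined, salt, iterations)

if __name__ == "__main__":
    salt = os.urandom(16)  # random per-user salt, stored next to the ciphertext
    # Constructed sample answers.
    saved = recovery_key(["Jan 1, 2007", "Rex"], salt)
    print(saved == recovery_key(["  jan 1,2007", "REX "], salt))   # same answers
    print(saved == recovery_key(["Jan 1 2007", "Rex"], salt))      # comma missing
    print(saved == recovery_key(["01/01/2007", "Rex"], salt))      # other date format
```

Because the derived key either decrypts the stored pass phrase or does not, a near-miss answer gives no partial result, which is why the page insists on a fixed date format.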

You specify the questions on the left and give the associated answer in the box to the right of the question. You can either type your own question or choose a predefined question by clicking on the down arrow in the box.


The pass phrase will be stored encrypted on the server, and only a few senior level technicians will be able to initiate the recovery process. The answers to your questions provide an additional level of security ensuring that only you have access to your pass phrase. The more questions you answer and the longer and more random your answers, the harder it is to guess or compute the answer. But you should always be able to remember the answers exactly or you will not be able to recover your pass phrase.

You are required to choose and answer at least 3 questions, but answering at least 7 or 8 questions is much more secure (guessing becomes exponentially harder as the length of your combined answers increases). You will only have to do so once, so it is better to take the time to choose and answer more questions.

NOTE: This set of security questions is associated with the current pass phrase. It is possible to change the security questions without actually changing your pass phrase. You have to follow the same process as you would to change your pass phrase (again choosing to store the pass phrase on our secure server).

Once you have entered your questions and answers, press OK and your pass phrase will be securely stored on the server. Please skip step 6b below and go to step 7.

6b. If you chose NOT to save your pass phrase to the server, a confirmation dialog will appear. Please read the notice and proceed only if you agree. Again, because you have chosen not to store your pass phrase on the server, we cannot recover a forgotten pass phrase, and without your pass phrase your data backups will be worthless. To proceed, type YES in the box and click OK.

NOTE: You should always save the pass phrase to a file and place it in a separate and secure location (described in the next step) because the server is not storing your pass phrase, and you must have your pass phrase to recover your data. If you don't save your pass phrase then you run the risk of losing your backup data forever.

7. The software will ask you whether you want to save the pass phrase to a file. Always save the pass phrase to a file and store it on a different computer in a different physical location or other safe place (such as on a CD in a safe deposit box).

Choose yes, and it will prompt you where to save the file (it will save the pass phrase to a text file). You should save the pass phrase to removable media (floppy disk, flash drive, etc.), or save it to your hard disk and then immediately burn a CD. The saved pass phrase file is like a key to your data so protect it accordingly. You may save your pass phrase at any time by choosing the Save Pass Phrase to Disk command from the Tools menu.

Your account is now configured for Data Protection, and you are ready to specify what data should be backed up.
